Cyber-readiness: Meeting CMMC mandates

Government contractors must comply with the new Cybersecurity Maturity Model Certification (CMMC) program from the Department of Defense (DoD) and its standards to maintain existing contracts and win new ones.

If you’re preparing to get CMMC certification, you can use penetration tests, enterprise risk assessments and updates to incident response plans to help you prepare.

CMMC requirements for federal government contractors

The date for implementation is uncertain, but the DoD could begin implementing CMMC standards as soon as May 2023. However, it is possible that the date could be delayed until 2025.

Whenever implementation begins, contractors will need a DoD-approved CMMC contract clause in your agreements for the DoD’s new product and service acquisitions.

There are different levels of CMMC certification, and you’ll have to keep your certification at that level throughout the contract’s life, said HORNE Account Specialist Sarah Duncan.

“Many people I talk to think that 2025 is so far away. But it’s important to remember that the CMMC is based on a maturity model,” Duncan said. “It’s vital that you put cybersecurity processes and controls in place to meet the CMMC at least six months before that date.

“We’re helping companies do the readiness work now, and we’re finding that companies have a lot of remediation to do. That could take a while. We want to make sure no one is missing out on these big contracts they have,” she said.

“The CMMC standard is already showing up in requests for proposals as a bonus,” she said. “So, you can benefit from CMMC certification as you respond to RFPs and compete for DoD contracts.

“The CMMC standard affects many organizations, from major weapons manufacturers to construction companies that work at military bases and hospitals,” she added. “You may not even realize that applies to you.”

Is CMMC required for your business?

If you fulfill contracts for the DoD, you should find out now whether CMMC certification is a mandate for your business. CMMC certification counts on your adherence to the highest standards for cybersecurity controls, policies and procedures.

So, acquiring CMMC certification protects the revenues you make from DoD contracts and helps to ensures that you are equipped for potential attacks.

“There is speculation that the CMMC will apply to an increasing number of federal and even state contracts,” Duncan said, “making it a more significant mandate than we thought.”

Planning ahead

As an approved CMMC Third-Party Assessor Organization™ and a CMMC-registered practitioner organization (CMMC RP), HORNE advises and consults with companies preparing to meet the CMMC standard. With penetration tests, enterprise risk assessments and consultations you can get CMMC certified.

Contact us today to find out how HORNE can help with your CMMC requirements.



More Insights

The Secret to Having Hard Conversations

Many leaders approach hard conversations the wrong way. The two most common mistakes we see are (1) allowing your emotions to set the tone and (2)...


Want to keep employees? Have “stay conversations”

Recently we helped a family-owned general contractor re-engage two key employees. One was a supervisor whose future was in question as a large job...


IRS Places Moratorium on the Processing of New ERC Filings

If you’re looking to file an Employee Retention Credit claim with the IRS, please note that there is a hold on processing of all new ERC filings...


What do the latest Davis-Bacon Act revisions mean to you?

Passed in 1931, the Davis–Bacon Act established requirements for paying local prevailing wages on public works projects for laborers and mechanics....


HORNE Board of Directors admits Monique Mahan as a director

Monique Mahan was admitted as a tax director, joining HORNE’s Public and Middle Market group, effective August...


HORNE Board of Directors admits new director

Lori Crocker, who serves in HORNE’s Healthcare group, was recently promoted to director, effective September...


Talk to an expert today.